UAB IT has issued interim guidance on the use of cloud services for the UAB campus.

The guidance is for members of the UAB campus community who wish to use cloud applications and services available on the Web, including file storage, Web conferencing and content hosting.

While recognizing that cloud services can fill a need in certain areas, UAB IT reminds all UAB employees to use appropriate due diligence when entering into agreements, especially with cloud providers. UAB employees should not store sensitive/restricted information in a cloud service without University-approved agreements in place.

UAB employees cannot subscribe to cloud services to store sensitive or classified data (see UAB Data Protection and Security Policy for what UAB defines as sensitive data) without an appropriate agreement directly with UAB — and employees cannot be reimbursed for such cloud subscriptions without an affirming statement that the data stored is not sensitive.

Over the coming months, additional information will be released, including guidelines for specific cloud services.

UAB IT has issued interim guidance on the use of cloud services for the UAB campus.

The guidance is for members of the UAB campus community who wish to use cloud applications and services available on the Web, including file storage, Web conferencing and content hosting.

While recognizing that cloud services can fill a need in certain areas, UAB IT reminds all UAB employees to use appropriate due diligence when entering into agreements, especially with cloud providers. UAB employees should not store sensitive/restricted information in a cloud service without University-approved agreements in place.

UAB employees cannot subscribe to cloud services to store sensitive or classified data (see UAB Data Protection and Security Policy for what UAB defines as sensitive data) without an appropriate agreement directly with UAB — and employees cannot be reimbursed for such cloud subscriptions without an affirming statement that the data stored is not sensitive.

Over the coming months, additional information will be released, including guidelines for specific cloud services.

While it is impossible to anticipate every possible violation, examples are provided below to assist in defining what is considered to be responsible and ethical behavior. This list is not intended to be exhaustive; in general, any activity which does not directly contribute to UAB's mission may be considered inappropriate use.

Commercial activities, advertising, or any other "for-profit" ventures not specifically approved by the UAB administration.

Sustained promotion of any non-UAB activity or venture, profit or non-profit, public or private, personal or commercial, without approval of the UAB administration.

Acts of intolerance and/or harassment due to race, ethnicity, gender identity and expression, religion, disability, or sexual orientation, if such conduct has the purpose or effect of unreasonably interfering with an individual’s educational performance or creating an intimidating, hostile, offensive, or abusive environment for that individual’s education, living environment, employment, or participation in a University-related activity.

Creating, displaying, transmitting, or obtaining obscene or pornographic materials or any form of content which violates state and/or federal statutes and/or local standards of decency.

Copyright and licensing violations including, but not limited to, providing or obtaining illegal copies of software or digital media (movies, videos, music, etc.) for which legal permission to distribute or possess has not been granted.

Vandalism or mischief intended to incapacitate, compromise, or destroy UAB or other facilities, resources, or services.

Forgery or attempted forgery of electronic mail or posts to electronic forums or any other act of deceptive labeling of the originator of an electronic communication.

Obtaining goods, services, or funds of any form via electronic means by using the name and/or credentials of another person or entity without their consent and knowledge.

Deliberately sending un-welcomed or off-topic messages to an individual or discussion forum. This includes continuing to send such messages after being asked by the individual or forum's owner/moderator to stop doing so even though the originator does not consider the material offensive or inappropriate.

Transmitting unreasonable quantities of data or messages to persons or groups without their consent or request.

Spamming or transmitting unsolicited material to a large number of individual persons and/or discussion lists, newsgroups, or other forums even though the material itself may not otherwise violate these guidelines.

Being a continued impediment to other users through mass consumption of computing or network resources after receipt of a request to cease such activity, even if the activity is not otherwise disallowed.

Transmitting without permission private information such as grades, medical records, financial data, or any other information that is protected by the Public Records Law or by legislation such as HIPAA, FERPA, etc.

Attempts to compromise computer and/or network security measures or providing information/instructions for how to do so.

Unauthorized, deliberate action which damages or disrupts a computing system or network, alters its normal performance, or causes it to malfunction. This includes intentional attempts to "crash" network systems or programs.

Attempts to gain unauthorized access to other systems on the UAB campus or the Internet.

Sharing of secure access credentials, such as passwords or private keys.

Attempts to guess, capture, "hack" or decrypt the secure access credentials of other users.

Attempts to possess, decrypt, or distribute data to which access has not been authorized.

Attempts to elevate system privileges or access without consent.

Unauthorized access of internal or external services through the use of stolen, guessed, hacked, copied, or discovered secure access credentials or other private data obtained without consent.

The willful or negligent introduction of computer "viruses" or other disruptive/destructive programs into the UAB network or into external networks.